Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
AI Generated Image

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

The Hacker News technology

Key Points:

  • Security researcher Chaotic Eclipse released a proof-of-concept exploit called LegacyHive, targeting a Windows User Profile Service vulnerability that allows arbitrary hive loading and privilege escalation on all supported Windows desktop and server versions, including the latest July 2026 update.
  • The exploit requires credentials from a standard user and a third username (potentially an administrator), and while the public PoC is limited, the original exploit could load any hive without additional credentials, raising significant security concerns.
  • Microsoft and Chaotic Eclipse have been in conflict since April 2026 over the disclosure of multiple exploits before patches were available, with some vulnerabilities in Microsoft Defender actively exploited shortly after public release.
  • Concurrently, Microsoft issued patches for 622 flaws, including actively exploited privilege escalation vulnerabilities in SharePoint Server and Active Directory Federation Services, which have been added to the U.S. CISA Known Exploited Vulnerabilities catalog with mandated patch deadlines.
  • Several SharePoint Server vulnerabilities enable remote code execution and privilege escalation without authentication, posing serious risks especially to internet-facing servers, with experts warning these flaws allow unauthorized actions and persistence through malware deployment.

Trending Business

Trending Technology

Trending Health